Change Healthcare hacked using stolen Citrix account with no MFA

Source: BleepingComputer

UnitedHealth has disclosed that its subsidiary, Change Healthcare, fell victim to a BlackCat ransomware attack after attackers used stolen credentials to access the company's Citrix remote access service, which lacked multi-factor authentication. The breach, which occurred in late February 2024, caused significant operational disruptions, affecting vital services such as payment processing and insurance claims, with financial damages estimated at $872 million. UnitedHealth later admitted to paying a ransom in an effort to protect compromised data, although the details of the attack have not been fully disclosed. The organization has undertaken extensive remediation efforts, including system upgrades and network rebuilds, aimed at restoring affected services and enhancing security measures. Additionally, an update notes that stolen Change Healthcare employee Citrix credentials were detected on February 8 by Hudson Rock's threat intelligence platform, though it is unclear whether these credentials were directly linked to the ransomware attack.
